Thanks for covering Stuxnet again. Reading the Symantec dossier back in the day was one of the most fascinatingly enjoyable things I’ve ever read. Geek entertainment at its best.
Stuxnet was the turning point for me: until then I was a firm believer in “Don’t attribute to malice what can be explained by incompetence”. After that I switched to “Where there’s a will, there’s a way”.
HEY DAVE - Control system engineer here with 30+ years of experience. FYI - I have used several versions of Step 7 over the years as well as several other major systems like Allen-Bradley ControlLogix, ABB 800xA, Schneider. I'm not a great fan of Step 7 although it does several things superbly. I prefer Allen-Bradley ControlLogix. I have also done robotics with Fanuc, Kuka and Adept. I also have a lot of experience with motor controls. Like everyone else in the IT industry you actually need to find one of us, have a sit down and get your terminology correct, and also get some of the details of this particular subject correct. When Stuxnet hit it was a big deal for the company I worked for because we had just done a major upgrade to an offshore oil & gas rig using Siemens software.

FIRST, and this is important for this story: what you have called a "frequency converter" IS NOT a frequency converter. If anything it's a POWER INVERTER, because it inverts AC into DC and then back into AC. Starting at the basics - the lump of electronics that switches and controls a motor is called a DRIVE because it drives the motor. It doesn't matter what type of control is being used, that lump is called a drive. We do use some more specific terms like soft starter, but in general if it drives a motor then it's a drive. Drives that can vary the speed of a motor are called VSDs (Variable Speed Drives). In the past people did call them Variable Frequency Drives (VFDs) or Variable Voltage Variable Frequency Drives (VVVFs or Triple VFs). But I have never heard either a sales rep or engineer EVER call a motor drive a frequency converter.

On the subject of Uranium enrichment. In 2005 (~5 years before this happened) I was working at the ERA Ranger Uranium Mine. As part of working there we had to do a full ANSTO induction. A normal mine site induction is 1-2 hours. The ANSTO induction was 2 days and we covered the entire Uranium cycle from in the ground to back in the ground, including a fairly detailed description of Uranium enrichment. In 2005 there was a lot of friction regarding what Iran was up to, so we asked what Iran was up to. The giveaway that they had a weapons program was the number of centrifuges. In general: fuel grade for power stations needs around 5 to 8,000 centrifuges. Military fuel grade like that used in submarines needs around 20,000 centrifuges. For weapons grade Uranium you need 40,000 centrifuges or more, and we knew Iran had 55,000. Understanding motors and motor controls is how we knew they had 55,000 centrifuges.

In GENERAL, and there's a lot of variation in motors, but basically: normal 3-phase induction motors generally operate up to 1,500 rpm at 50Hz. High speed 3-phase induction motors operate up to 3,000 rpm at 100Hz or higher. The permanent magnet servo motors used in robotics and CNC machining centres operate up to 6,000 rpm and maybe more depending on the motor size. The SPINDLE MOTORS used in CNC machining spindles (hence why they are called spindle motors) can (depending on the size of the motor) go in excess of 30,000 rpm. Most VSDs can output more than the standard 50Hz and can generally go to 200Hz, although I have used ones capable of 400Hz. Spindle motors go much faster and that's why they need specialised drives with much higher frequencies. There are also some very specialised ultra high speed motors that can go in excess of 100,000 rpm. But those are very small motors with rare earth permanent magnets and most often used in the computer industry in disk drives. VERY IMPORTANT - There is nothing classified or spectacularly special about spindle motors or the VSDs they use, other than they go a lot faster than normal motors. Thousands are sold every month across the world as part of the machine tool industry. The thing is Iran DID NOT (in 2005) have a machine tool industry, so when they bought enough motors and VSDs for 55,000 gas centrifuges, people who understood Uranium enrichment knew EXACTLY what they were up to.

As to what Stuxnet did inside the S7 PLCs, we were advised on that because of the system our company had done. Luckily there was nothing in what we did that Stuxnet targeted. Our project was a SCADA system, not a PLC system, so it was in another part of the Siemens suite of software packages. What it did was very interesting. The S7, like most modern PLCs, is a multitasking operating system. We tend to write our systems as a main cyclic task with a number of timed tasks that operate via interrupts. We do that because things like PID closed loop functions work best when they operate at a consistent time interval, so we tend to put those in separate tasks running off timed interrupts. What Stuxnet did was not only insert an additional task that took control of the commands to the VSDs, but that inserted task DID NOT appear in the task list. So the engineers could NOT FIND IT and could not understand why their code was not working.

If you want to discuss this further I'd like to do a podcast with you. You know how this thing ran around the world, and on all that stuff you're 100% correct. I know what it did inside the PLCs. I also know how it found the specific laptop or desktop it was looking for. The most disturbing thing about Stuxnet wasn't what it did, but that it laid out the basic blueprint for what can be done to everyone's basic infrastructure. Basically everyone now has a blueprint from which to develop their own cyber weapons. It's sort of like inventing the machine gun in 1750 and then leaving them all over the place for other people to copy or derive new machine guns from. Sooner or later I expect Stuxnet clones and derived descendants to appear and do some real damage.
I was working with PLC systems at the time that Stuxnet was exposed and have always held it as a pinnacle of software engineering in its purpose and execution. It still amazes me to this day.
I've been a PLC dev for ~20 years, especially working with Siemens S7-300 PLCs. What struck me almost a bit more than the PC side of the worm is that you need absolutely full, VERY detailed knowledge about how the PLC's internal addressing and code was done. You can't just "search" for frequency converters - you need to know exactly at which bit what exact data is expected/delivered, as there are no standards towards that at all. It's all the dev's choice, and there are no "discovery services". PLCs are, internally, ancient technology. Considering that even in "normal" private companies this information is heavily guarded, it's almost unbelievable that anyone unauthorized could get their hands on SUCH a deep level of internal stuff. They basically MUST have had an actual dev in their pockets - one that also managed to sneak this data out.
Dave, this is a brilliant explanation of Stuxnet, concise, logical, and clear. Thank you for another Master Class, keep 'em coming!
Thanks Dave. Most videos on this subject are 45min plus. Yours is clear and precise
Hi Dave, I came across this and started watching. Frankly after a minute I didn’t have a clue what you were talking about, so I looked at the comments. Clearly you are a fantastically brilliant man, and all I saw were positive comments and respect. So from someone who once owned a ZX Spectrum (yes I’m that old), I think you are so well respected and admired for your content, and clearly you are the man to follow for computer stuff. Peace be with you Dave x
This is great! I love hearing the background to this. 3:30 stolen data or botnet. 3:47 Step 7 for controllers, PLCs etc. It’s the connection that is the issue, and the peer-to-peer update, manual diagnostics for their own benefit. 4:47 air-gapped laptop is near impossible to breach except for removable drives, media and such. So to spread. 😢
Love the "The Friendly Giant" reference at the end! At least some PBS stations aired this show during the late 1960s; the theme tune is highly memorable, so it instantly identifies the show in question.
That was a correct and precise description of Stuxnet that I thought I would never hear. Great job. Greetings from an IT security professional that used to work in the nuclear industry.
I was delighted to see the title of this video. Stuxnet is super interesting and I love your style, Dave. I expected a great presentation and I was not at all disappointed. At the time, I worked in industrial controls with Siemens PLCs and drives. Super impressive from an engineering perspective.
Don't know if you are a grandfather or not, but if you tell bedtime stories, me at 68 YO would even like to listen in. Love your ability to tell a story. I've watched several videos on Stuxnet, but you succinctly bring it to life. Thanks. Keep telling stories.
For those interested in going deeper, I highly recommend Kim Zetter's book "Countdown to Zero Day." I read it in 2014, it's gripping and full of extreme details! Dave did a great job covering it in short format though!
Many years ago I used to work for a company selling "enterprise security" software that would help to block USB devices, stop them from exposing storage/network/etc. It would only approve certain devices and also provided encrypted device storage. We noticed some USB devices (like cameras or thumb drives) would, when first plugged in, present themselves as a CD device with autorun and something to install their drivers. Then when plugged in again they would appear as their proper camera/storage device.
I wonder how many people have made an amazing achievement like Stuxnet but can't tell a single person how cool it was and they will never be acknowledged for their accomplishment.
Love the summary (and I think you could absolutely blow your channel up with more on this topic), but from you, I'd be more interested in a technical deep dive.
As a software engineer I highly admire the technical implementation of Stuxnet. It was a masterpiece. The use of it is another discussion.
I like that you leave me a little extra time at the end of the video so I can get my phone back out and SMASH THAT LIKE BUTTON at my leisure.